Linked by Thom Holwerda on Mon 6th Aug 2012 11:12 UTC
Mat Honan got hacked, and lost all the data on his MacBook, iPad, and iPhone. How? Somebody broke into his iCloud account. Brute force attack? Simple password? No, not really - the hacker called Apple tech support, and convinced the person on the phone he was really Mat Honan. Apple then reset the iCloud password. The dangers of a monoculture, kids. Even Steve Wozniak has doubts about everything going into the cloud.
Thread beginning with comment 529889
RE[2]: oh, FFS...
by maccouch on Mon 6th Aug 2012 14:44 UTC in reply to "RE: oh, FFS..."
maccouch Member since:
2012-03-14

"what exactly is the "monoculture" danger here? *


iPhone, iPad, MacBook Air, iCloud. All his computing devices rendered useless because he relied on a monoculture.

I have Windows, Linux, Android phone/tablet, and a separate, independent cloud backup solution (which is encrypted and only I know the password - not even the provider itself knows my password; if I lose it, I can't access my data anymore since it's encrypted). No monoculture, hence, no danger of me being knocked out because my monoculture gets knocked out.

This is not rocket science.
"

Apparently it is... Correlation does not mean causality.

let's say you would use androidlost (http://androidlost.com) on your android phone, lojack (http://www.absolute.com/lojackforlaptops/features) for your windows laptop, and prey on your linux laptop (https://panel.preyproject.com/forgot).

In all of them you activate the remote wipe feature. In all of them you've got a nice "i forgot my password" webpage that allows you to resend a reset request for your email. But your email accounts, all of them, were hacked. so what now? how has your avoidance of "monoculture" stopped it?

the question here is not the reliance on apple's system. the question is that we've chainlinked all of our email accounts and webservices into either something of a pyramid or, sometimes, an endless loop of accounts. And if a sufficiently high weak link can be broken by social engineering, you're royally screwed.

Especially if, like this guy, you activate remote wipe without even considering doing local backups. On that issue alone i find serious problems feeling sorry for him. that's doubly dumb and whining shouldn't be allowed here.

you can join apple or google or microsoft monoculture as much as you want. just either don't give them the power to wipe everything (i would say phone wipe is ok, but laptop is better served with encryption) or do backups!

Reply Parent Score: 1

RE[3]: oh, FFS...
by Thom_Holwerda on Mon 6th Aug 2012 14:51 in reply to "RE[2]: oh, FFS..."
Thom_Holwerda Member since:
2005-06-29

He lost all his data because all his machines were Apple and his cloud provider was Apple. He relied on a monoculture, and everything was lost. You seem to think I'm blaming Apple (your favourite company), which I'm not - I'm blaming the guy for being stupid enough to have only Apple devices and Apple software. Had he had a Windows laptop, an Android phone, and an iPad, this would have NEVER happened.

Reply Parent Score: 2

RE[4]: oh, FFS...
by maccouch on Mon 6th Aug 2012 14:59 in reply to "RE[3]: oh, FFS..."
maccouch Member since:
2012-03-14

sigh....

Thom, he lost his data because he installed "remotely wipe" solutions on his devices that were linked to one of his mail accounts.

i've just shown you that you can install similar applications on other OSes and devices and they all behave the same and they all are linked to your webmail.

Apple's fault here is the original reset of his password. That's dumb. i'm not sure if they could have avoided it, considering the kind of safety features for this kind of systems (i can't stop bitching about "what's my pet name" questions). But apart from that Apple is as guilty as any other provider of the same services. which is none. they did what they were asked by what they believed was the user.


Remote wipe solutions are solutions for protecting the data in your physical computer from getting in the hands of thieves. they are not designed to prevent you losing access to your webmail accounts.

-----


and just for the record, Mac OS X is currently my favourite system. Apple is just the company that does it. I find less fault in their computer systems than with other vendors, but i sure as hell don't trust them or "like" them nor are they my "favourite company". they provide me with what i want. for now. the way things are going not sure if that will last for a long time.

Reply Parent Score: 1

RE[4]: oh, FFS...
by maccouch on Mon 6th Aug 2012 15:49 in reply to "RE[3]: oh, FFS..."
maccouch Member since:
2012-03-14

i've just realized that there might be another misinformation that doesn't help in our discussion.

You do realize that you can have mac devices without using icloud, and you can use some features of icloud but not use/allow the remote wipe right?

the use of the icloud data wipe, where's my phone and storage of encryption keys by apple are all the user option, and you don't have to use them to use the rest of the features/software.

it was this particular user's decision to activate them. he didn't have to. they didn't come enabled by default, apple asks you if you want to do that. i didn't. he apparently did.

Reply Parent Score: 1

RE[4]: oh, FFS...
by henderson101 on Mon 6th Aug 2012 16:00 in reply to "RE[3]: oh, FFS..."
henderson101 Member since:
2006-05-30

"He lost all his data because all his machines were Apple and his cloud provider was Apple. He relied on a monoculture, and everything was lost."


No, factually incorrect. He lost all of his data because he linked his devices to the same Apple ID and then allowed remote Wipe. You can associate your iDevices with multiple iCloud accounts (i.e. one per device, and in fact this happens by default.) I did this on my iphone/ipad initially, but to be honest, I ended up buying extra space, so I linked them both to the same account. But my iCloud is linked to my Gmail account and that has 2 step authentication turned on. Your icloud also doesn't have to have anything to do with your iTunes Apple ID, nor your developer Apple ID. The problem is more that people like to use the same details and passwords everywhere.

"I'm blaming the guy for being stupid enough to have only Apple devices and Apple software. Had he had a Windows laptop, an Android phone, and an iPad, this would have NEVER happened."


Again, bull. This could easily have happened with every other device, if the person configuring services used the same primary email address. As already mentioned, not even Apple forces you to do that.

Reply Parent Score: 2
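
The chained-recovery problem maccouch describes above, and the effect of the 2-step authentication henderson101 mentions, can be audited on your own accounts; this is an added example, not part of the original thread. The account names and the recovery map are constructed placeholders, and the model assumes a reset mail alone takes over any account without a second factor.

```python
from collections import deque

# Constructed sample: account -> accounts whose "forgot password" mail it receives.
# All names are hypothetical placeholders, not services named in the thread.
RECOVERS = {
    "primary_mail": ["backup_mail", "phone_wipe", "laptop_wipe", "cloud_store"],
    "backup_mail": ["primary_mail"],   # the "endless loop of accounts" case
    "cloud_store": ["tablet_wipe"],
    "offline_backup": [],              # key known only to the user, no reset path
}
# Assumption: for these accounts a reset mail is not enough (second factor needed).
SECOND_FACTOR = frozenset({"cloud_store"})


def blast_radius(start, recovers=RECOVERS, second_factor=frozenset()):
    """Accounts lost once `start` is taken over and reset mails are followed."""
    owned, queue = {start}, deque([start])
    while queue:
        for target in recovers.get(queue.popleft(), []):
            if target in owned or target in second_factor:
                continue  # already counted, or the reset is blocked by 2FA
            owned.add(target)
            queue.append(target)
    return owned


def recovery_loops(recovers=RECOVERS):
    """Pairs of accounts that serve as each other's recovery address."""
    return sorted({tuple(sorted((a, b))) for a, targets in recovers.items()
                   for b in targets if a in recovers.get(b, [])})


def rank_by_exposure(recovers=RECOVERS, second_factor=frozenset()):
    """Accounts sorted by how many other accounts fall with them, worst first."""
    nodes = set(recovers) | {t for ts in recovers.values() for t in ts}
    sizes = {n: len(blast_radius(n, recovers, second_factor)) - 1 for n in nodes}
    return sorted(sizes.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print("no 2FA  :", sorted(blast_radius("primary_mail")))
    print("with 2FA:", sorted(blast_radius("primary_mail", second_factor=SECOND_FACTOR)))
    print("loops   :", recovery_loops())
    print("ranking :", rank_by_exposure())
```

The accounts at the top of the ranking are the ones where a second factor and a recovery path outside the chain matter most; the remote-wipe entries never appear as sources, only as things that fall.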

RE[4]: oh, FFS...
by leos on Tue 7th Aug 2012 00:50 in reply to "RE[3]: oh, FFS..."
leos Member since:
2005-09-21

"He lost all his data because all his machines were Apple and his cloud provider was Apple. He relied on a monoculture, and everything was lost. You seem to think I'm blaming Apple (your favourite company), which I'm not - I'm blaming the guy for being stupid enough to have only Apple devices and Apple software. Had he had a Windows laptop, an Android phone, and an iPad, this would have NEVER happened."


That's funny coming from someone so excited about Windows Phone. According to your anti-monoculture ideology that should be a strict impossibility. I guess if you want a windows phone you can always switch to a Mac laptop.

Realistically the chance of this kind of thing is one in several hundred million. Compromising interoperability every single day just to avoid such a remote possibility is ridiculously paranoid. I use just as many google services as apple services, so it has nothing to do with any particular company.

Reply Parent Score: 1

RE[4]: oh, FFS...
by Soulbender on Tue 7th Aug 2012 09:56 in reply to "RE[3]: oh, FFS..."
Soulbender Member since:
2005-08-18

"He lost all his data because all his machines were Apple and his cloud provider was Apple."


No, he lost his data because he chose to simplify his life and forgot or ignored the items needed to ensure he could recover his data easily.

"I'm blaming the guy for being stupid enough to have only Apple devices and Apple software"


I don't see why that is stupid in and of itself.

Reply Parent Score: 2